[c-nsp] OSPF NSSA Question

[Jay Hennigan]

> I don't think you can apply a distribute-list against an OSPF neighbor,
> can you?  This would violate the technical requirements for OSPF
> operation.
>
> I thought that one could only apply distribute-lists against
> redistributed protocols.

You can filter OSPF inbound since 12.2(28)S and 12.2(15)T

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a008012db77.html  (watch wrap)  or http://tinyurl.com/5gw8v

There is a distinction between the LSA database which must comply with
the OSPF technical requirements and the IP routing table which does not
need to match the LSA database.  The URL above addresses that.

    " Users can define a route map to prevent OSPF routes from being
      added to the routing table. This filtering happens at the moment
      when OSPF is installing the route in the routing table. This feature
      has no effect on LSA flooding. In the route map, the user can match
      on any attribute of the OSPF route. "

So, it looks like indeed, on his access routers, he can if he chooses
filter all but the default route from OSPF from getting into the routing
table.  So the answer to the original question is yes, you can prevent
the customer routes from other routers in your area from showing up in
the routing table of every access router.  Seeing as those customer routes
will all have the same next-hop of the distribution router anyway (different
VLANs from each access router back to distribution), doing this shouldn't
blackhole one customer from reaching another.

Whether having 100 access routers and the distribution router all in one
area or splitting them up is a better design, or whether OSPF is even
the appropriate protocol for this application are still open to debate.

--
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/